ZEDO Selected for OTA Honor Roll for 4th Consecutive Year

ZEDO, INC., the leading independent advertising technology partner for publishers, has announced it  has been selected  for the Online Trust Alliance (OTA) 2015 Online Trust Honor Roll for the fourth year in a row. This honor demonstrates exceptional  commitment to data protection, privacy and security in an effort to better protect customers and brands from the increased threats of cybercriminals and abusive privacy practices.


OTA, a 501c3 nonprofit organization that works collaboratively with industry leaders to enhance online trust, completed comprehensive audits analyzing more than 1,000 domains and privacy policies, including approximately 100,000 web pages and more than 500 million emails for this report. The composite analysis included over  two-dozen attributes focusing on 1) site & server security, 2) domain, brand, email and consumer protection and 3) privacy policy and practices. In addition to the in-depth analysis of their web sites, Domain Name Systems (DNS), outbound emails, and public records were analyzed for recent data breach incidents and FTC settlements. Key sectors audited include the Internet Retailer Top 500, FDIC 100, Top 50 Social Sites, IoT Top 50 as well as OTA members.


“We are proud to once again recognize ZEDO for its leadership and commitment to working with peers, the industry and competitors to embrace consumer protection and embrace their right to privacy,”  said Craig Spiezle.  ZEDO plays an incredible important role in the advertising supply chain helping increase the integrity of online advertising.”

“ZEDO strives to make security and privacy of its customers’ data a top priority.” stated Roy De Souza, ZEDO CEO. “We fully support the OTA’s Data Breach Guidelines, and we also adhere to industry guidelines for data protection.”


Nearly 1,000 companies comprise the Honor Roll, including ZEDO. The report indicates that company size and/or sales are not true measures of the level of security and privacy a company implements. “All companies are equally evaluated by the same criteria regardless of size. We have seen large e-retailers with significant sales fail to make the Honor Roll; conversely we have seen small to mid-size companies taking top grades,” said Spiezle.

Started in 2005 as an effort to drive adoption of best practices, the objectives of the Honor Roll are to 1) recognize leadership and commitment to best practices which aid in the protection of online trust and confidence in online services, 2) Enable businesses to enhance their security, data protection and privacy practices, 3) Move from compliance to stewardship, demonstrating support of meaningful self-regulation, and 4) Promote security & privacy as part of a company’s brand promise and value proposition.


Being named to the 2015 Honor Roll is a significant effort considering only 30 percent of the 1,000 web sites evaluated made the Honor Roll, distinguishing themselves by safeguarding data via best practices in three categories: domain/brand protection, privacy and security. Conversely, a nearly 70 percent didn’t qualify for the Honor Roll .


“We are honored to be recognized for the measures we take around security and responsibility for our customers,” said De Souza. “We feel an enormous responsibility to provide protection and security for our customers.”

To review the full 2015 Honor Roll report, please download a free copy.

ABOUT The Online Trust Alliance (OTA) The Online Trust Alliance (OTA) is a member-based, non-profit representing the global internet ecosystem – including the public and private sectors. OTA’s mission is to develop and advocate best practices and public policy which mitigate emerging privacy and security threats while enhancing online trust, innovation and the vitality of the digital economy. OTA is committed to the protection of critical infrastructure, balanced legislation and data protection through the promotion of best practices, benchmark reporting, and self-regulation. For more information, visit:



ZEDO, Inc. is a platform offering clever, proprietary high impact formats that help publishers get new revenue. Known for technical innovation and ability to scale, ZEDO offers publishers products and services – including ad serving – and rich media formats with 99% viewable impressions. ZEDO also serves advertisers through ZINC, a suite of high impact formats including video and native ads on premium sites. Founded in 1999, ZEDO is headquartered in San Francisco with offices in New York, Singapore, Sydney, Seattle, Los Angeles, Chicago and Phoenix, and development centers in Russia and India. As the largest independent ad technology player, the company is distinguished by its global reach and cosmopolitan market knowledge.


OTA Comments on Proposed Data Breach Notification Legislation

As a member of The Online Trust Alliance (OTA), a global non-profit with the mission to enhance online trust and promote innovation, we take seriously the issue of online trust. There are now several federal data breach notification proposals wending their way through the legislature. OTA, because it represents over 100 other organizations, feels compelled to weigh in.

Here are  six key points and provisions  OTA believes are important considerations for an effective and balanced federal data breach notification law.

First, any federal data breach notification law must preempt the existing 47 state laws imposing a myriad of data breach notification obligations. State breach laws are a complex web of varied timing and notification requirements, and are a difficult mish-mash for an inter-state business to navigate during the challenge of responding to a data breach incident.

Second, any federal data breach notification law must contain a safe harbor from regulator penalties for those businesses or organizations that can demonstrate a commitment to the adoption of best security and privacy practices, provided they have been independently verified. While it is important to recognize there is no perfect security, OTA’s analysis of data shows that more than 90% of breaches that occurred in 2014 could have been prevented by adoption of best practices. A safe harbor for independently verified adoption of best practices would strongly encourage businesses to adopt best practices when they are most needed – in advance of a breach.

Third, any federal data breach notification law must contain a State right of enforcement. Similar to the Children’s Online Privacy Protection Act (COPPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), a state right of enforcement not only permits a state to protect its own citizens, but also allows states to complement the overburdened federal regulators by pursuing those companies and organizations that fail to live up to their data breach obligations.

Fourth, any federal data breach notification law must contain an appropriate coverage of personal information triggering notification. This is critical to ensure consumers are notified in a timely manner and for those breaches they need to know about, and are not over notified. If notifications become commonplace, consumers will get lost in the noise and likely not take appropriate action. Thus, the definition of what’s data is covered must be balanced and appropriate, must include paper records, and due to the common reuse of passwords by consumers across their numerous accounts – must include coverage for email/username address and password. A user’s email address and password are essentially the keys to their online kingdom, permitting access to social and financial websites, either directly or through a master account password reset.

Fifth, timely notice is critical to not only consumers, but also to regulatory authorities and law enforcement agencies. Businesses should be required to notify the FTC, FCC or other primary regulatory within seventy-two hours after discovering a breach involving covered data.

Sixth, any data breach legislation must permit businesses to share investigative forensics reports and related data with any law enforcement agencies investigating a breach. This sharing should not constitute a breach under the legislation nor impact any privilege or protections belonging to a business. Sharing forensic reports and data as soon as possible concerning a breach and attempted breach can be invaluable to help protect others and bring attackers to justice, and should be encouraged through appropriate protections in any data breach legislation.

We will be following this legislation through our active membership in OTA.